The Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, sponsored by ID Experts, finds a shift in the root cause of healthcare data breaches from accidental to intentional. The new study found a 125% increase in criminal attacks in the past five years and also that most organizations are unprepared to fight new threats and lack adequate knowledge to protect patient medical and personal data.
The number of cyber attacks against medical workers, doctors, hospitals and clinics is rising, costing the U.S. healthcare system some $6 billion a year as criminals who once targeted entrepreneurs and financial firms increasingly go after medical records, security experts warn. The new survey was carried out by the Ponemon Institute, a Michigan-based research organization focused on privacy, data protection and information security policy.
Malicious attacks against health-care companies doubled in the past five years, on average now costing a hospital $2.1 million per data breach, according to a study from the Ponemon Institute. The report found that nearly 90 percent of health-care providers were hit by data breaches in the past two years, and half of them were criminal in nature. In general, hospitals and health insurers are still unprepared for sophisticated data attacks, security experts concluded.
Cyber security experts now warn that elite financial criminal syndicates had been targeting large financial institutions until they realized that health-care databases are more valuable. Such medical records often contain Social Security numbers, insurance IDs, addresses and medical details, and there is a growing market for this kind of data, which sells for as much as 20 times the price of a stolen credit-card number. This makes healthcare data breaches a lucrative business, according to security officials.
Criminals can use that stolen information to open up a line of credit in the victim’s name, or for medical identity theft, where the victim’s insurance ID is used by an imposter seeking free medical care, potentially for organized mafia members or foreigners involved in criminal activity in the US, or anyone who wants to stay undetected while in hospital.
Ponemon researchers discovered that half of the healthcare organizations surveyed did not have sufficient technology to prevent or quickly detect a data breach, nor did they have personnel with the necessary technical knowledge. Although they were aware of the possibility of cyber attacks, 44% of US companies fail to enforce security and data privacy policies, with a further 34% reporting they enforced those policies in only some cases. Many firms are now moving from paper-based to automated systems, a transition that makes them “very vulnerable to criminal attacks” according to Larry Ponemon, chairman of the Ponemon Institute.
According to a database operated by the Department of Health and Human Services, which requires companies to report breaches involving more than 500 patients, health records on 88.4 million people were breached as a result of cyber theft or hacking.
Stolen data records are sold mostly on private forums that specialize in selling hacked credit cards or Social Security numbers, or on the dark web, where users’ identities are almost impossible to discover and where transactions are conducted anonymously in Bitcoin, as confirmed by data security officers.
Almost any kind of data can be valuable. Some thieves even manage to sell thousands of records containing information on people who’ve been diagnosed with HIV or have liver damage from alcohol use, among other conditions. So far, the cyber security world has discovered only a fraction of the criminal activity surrounding healthcare data breaches on the dark web: just the tip of the iceberg.